CVE-2012-1823
Published: May 11, 2012
Modified: Nov 4, 2025
PUBLISHED
Description
sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to execute arbitrary code by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'd' case.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
| Reference | Type |
|---|---|
| SSRT100856 | vendor-advisory |
| SUSE-SU-2012:0604 | vendor-advisory |
| 1027022 | vdb-entry |
| HPSBMU02786 | vendor-advisory |
| MDVSA-2012:068 | vendor-advisory |
| openSUSE-SU-2012:0590 | vendor-advisory |
| RHSA-2012:0546 | vendor-advisory |
| RHSA-2012:0568 | vendor-advisory |
| RHSA-2012:0569 | vendor-advisory |
| 49014 | third-party-advisory |
| RHSA-2012:0570 | vendor-advisory |
| SUSE-SU-2012:0598 | vendor-advisory |
| VU#673343 | third-party-advisory |
| RHSA-2012:0547 | vendor-advisory |
| APPLE-SA-2012-09-19-2 | vendor-advisory |
| 49065 | third-party-advisory |
| VU#520827 | third-party-advisory |
| SSRT100877 | vendor-advisory |
| HPSBUX02791 | vendor-advisory |
| DSA-2465 | vendor-advisory |
| 49085 | third-party-advisory |
| 49087 | third-party-advisory |
| FEDORA-2024-49aba7b305 | vendor-advisory |
| FEDORA-2024-52c23ef1ec | vendor-advisory |